bump-cluster-ui
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs several high-privilege shell operations using system tools. It uses `git` to fetch branches, show file contents from specific references, manage local branches, and push code to fork remotes. It also utilizes the GitHub CLI (`gh`) to programmatically create pull requests on the `cockroachdb/cockroach` repository.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by incorporating external data and user-provided inputs into executable command strings.
  - Ingestion points: Processes the `package.json` file content and accepts user-provided strings for `{version}` and `{epic}`.
  - Boundary markers: Absent; user inputs are directly interpolated into shell command templates (e.g., `git fetch origin release-{version}`).
  - Capability inventory: Extensive use of `git` and `gh` for repository management, which could be abused if malicious strings are provided as input.
  - Sanitization: No explicit sanitization, shell-escaping, or validation is performed on inputs before they are passed to the shell environment.
Audit Metadata